* Re: Signature/encryption, what's the standard ?
1999-10-27 12:57 Signature/encryption, what's the standard ? Oscar Figueiredo
@ 1999-10-27 14:26 ` Alan Shutko
1999-10-27 15:51 ` Hrvoje Niksic
` (3 subsequent siblings)
4 siblings, 0 replies; 21+ messages in thread
From: Alan Shutko @ 1999-10-27 14:26 UTC (permalink / raw)
Cc: ding
Oscar Figueiredo <Oscar.Figueiredo@di.epfl.ch> writes:
> should therefore use S/MIME instead of PGP signatures because it was the
> preferred way to sign a message.
Correction: "His mailreader's preferred way to read signed messages."
--
Alan Shutko <ats@acm.org> - In a variety of flavors!
Hedonist for hire... no job too easy!
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: Signature/encryption, what's the standard ?
1999-10-27 12:57 Signature/encryption, what's the standard ? Oscar Figueiredo
1999-10-27 14:26 ` Alan Shutko
@ 1999-10-27 15:51 ` Hrvoje Niksic
1999-10-27 16:49 ` Oscar Figueiredo
1999-10-28 1:02 ` John Saylor
` (2 subsequent siblings)
4 siblings, 1 reply; 21+ messages in thread
From: Hrvoje Niksic @ 1999-10-27 15:51 UTC (permalink / raw)
Oscar Figueiredo <Oscar.Figueiredo@di.epfl.ch> writes:
> I would like to know what's the preferred way of signing messages
> nowadays: PGP or S/MIME (i.e. RFC 2015 or 2646) ?
FWIW, your messages are neither rfc2015 nor S/MIME. (And I don't see
what either has to do with rfc2646.)
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: Signature/encryption, what's the standard ?
1999-10-27 15:51 ` Hrvoje Niksic
@ 1999-10-27 16:49 ` Oscar Figueiredo
1999-10-28 10:05 ` Hrvoje Niksic
1999-10-29 6:32 ` Steinar Bang
0 siblings, 2 replies; 21+ messages in thread
From: Oscar Figueiredo @ 1999-10-27 16:49 UTC (permalink / raw)
[-- Attachment #1: Type: text/plain, Size: 365 bytes --]
>>>>> "Hrvoje" == Hrvoje Niksic <hniksic@srce.hr> writes:
Hrvoje> FWIW, your messages are neither rfc2015 nor S/MIME. (And I don't see
Hrvoje> what either has to do with rfc2646.)
Sorry, I meant RFC2633 (S/MIME) not 2646 (text/plain).
Why are my messages not RFC2015 compliant ? Last time I checked they looked
so. Which requirement is missing ?
Oscar
[-- Attachment #2: Type: application/pgp-signature, Size: 261 bytes --]
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: Signature/encryption, what's the standard ?
1999-10-27 16:49 ` Oscar Figueiredo
@ 1999-10-28 10:05 ` Hrvoje Niksic
1999-10-28 10:49 ` Graham Murray
1999-11-07 0:07 ` Lars Magne Ingebrigtsen
1999-10-29 6:32 ` Steinar Bang
1 sibling, 2 replies; 21+ messages in thread
From: Hrvoje Niksic @ 1999-10-28 10:05 UTC (permalink / raw)
Oscar Figueiredo <Oscar.Figueiredo@di.epfl.ch> writes:
> Why are my messages not RFC2015 compliant ?
My apologies; after closer inspection, your messages do seem to be
rfc2015 compliant. It's just Gnus that doesn't handle
multipart/signed properly.
But then again, wouldn't it be nice if I could at least tell Gnus
that, when faced with a multipart/signed thingy, it ignores the second
part?
mm-* hackers? Anyone?
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: Signature/encryption, what's the standard ?
1999-10-28 10:05 ` Hrvoje Niksic
@ 1999-10-28 10:49 ` Graham Murray
1999-10-28 10:52 ` Hrvoje Niksic
1999-11-07 0:07 ` Lars Magne Ingebrigtsen
1 sibling, 1 reply; 21+ messages in thread
From: Graham Murray @ 1999-10-28 10:49 UTC (permalink / raw)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hrvoje Niksic <hniksic@srce.hr> writes:
> My apologies; after closer inspection, your messages do seem to be
> rfc2015 compliant. It's just Gnus that doesn't handle
> multipart/signed properly.
Is it gnus, or Mailcrypt which does not handle it properly?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0e (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.5 and Gnu Privacy Guard <http://www.gnupg.org/>
iD8DBQE4GCodEhN/ETQwnEERArdJAKCRNG1yrn8qC0t3jUKl5jkQNTnWbACfd2oR
L19hQ6SQuDCJjfLceKwMqg0=
=LTGu
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: Signature/encryption, what's the standard ?
1999-10-28 10:49 ` Graham Murray
@ 1999-10-28 10:52 ` Hrvoje Niksic
1999-10-28 11:51 ` David Kågedal
0 siblings, 1 reply; 21+ messages in thread
From: Hrvoje Niksic @ 1999-10-28 10:52 UTC (permalink / raw)
Graham Murray <graham@barnowl.demon.co.uk> writes:
> Hrvoje Niksic <hniksic@srce.hr> writes:
>
> > My apologies; after closer inspection, your messages do seem to be
> > rfc2015 compliant. It's just Gnus that doesn't handle
> > multipart/signed properly.
>
> Is it gnus, or Mailcrypt which does not handle it properly?
Gnus shows "application/octet-stream" attachments in Oscar's mails. I
shouldn't see those.
I don't use mailcrypt.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: Signature/encryption, what's the standard ?
1999-10-28 10:52 ` Hrvoje Niksic
@ 1999-10-28 11:51 ` David Kågedal
1999-10-28 11:58 ` Hrvoje Niksic
0 siblings, 1 reply; 21+ messages in thread
From: David Kågedal @ 1999-10-28 11:51 UTC (permalink / raw)
Hrvoje Niksic <hniksic@srce.hr> writes:
> Graham Murray <graham@barnowl.demon.co.uk> writes:
>
> > Hrvoje Niksic <hniksic@srce.hr> writes:
> >
> > > My apologies; after closer inspection, your messages do seem to be
> > > rfc2015 compliant. It's just Gnus that doesn't handle
> > > multipart/signed properly.
> >
> > Is it gnus, or Mailcrypt which does not handle it properly?
>
> Gnus shows "application/octet-stream" attachments in Oscar's mails. I
> shouldn't see those.
No, you should see them as application/pgp-signature. That's how it's
declared in the mail. But I guess you didn't want to see that
either...
--
David Kågedal
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: Signature/encryption, what's the standard ?
1999-10-28 10:05 ` Hrvoje Niksic
1999-10-28 10:49 ` Graham Murray
@ 1999-11-07 0:07 ` Lars Magne Ingebrigtsen
1 sibling, 0 replies; 21+ messages in thread
From: Lars Magne Ingebrigtsen @ 1999-11-07 0:07 UTC (permalink / raw)
Hrvoje Niksic <hniksic@srce.hr> writes:
> But then again, wouldn't it be nice if I could at least tell Gnus
> that, when faced with a multipart/signed thingy, it ignores the second
> part?
>
> mm-* hackers? Anyone?
I've now made application/pgp-signature be displayed inline with
`ignore' as the viewer. Which makes them disappear altogether, of
course.
--
(domestic pets only, the antidote for overdose, milk.)
larsi@gnus.org * Lars Magne Ingebrigtsen
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: Signature/encryption, what's the standard ?
1999-10-27 16:49 ` Oscar Figueiredo
1999-10-28 10:05 ` Hrvoje Niksic
@ 1999-10-29 6:32 ` Steinar Bang
1999-10-29 12:17 ` Simon Josefsson
1 sibling, 1 reply; 21+ messages in thread
From: Steinar Bang @ 1999-10-29 6:32 UTC (permalink / raw)
>>>>> Oscar Figueiredo <Oscar.Figueiredo@di.epfl.ch>:
>>>>> "Hrvoje" == Hrvoje Niksic <hniksic@srce.hr> writes:
Hrvoje> FWIW, your messages are neither rfc2015 nor S/MIME. (And I don't see
Hrvoje> what either has to do with rfc2646.)
> Sorry, I meant RFC2633 (S/MIME) not 2646 (text/plain).
For easy reference:
http://www.ietf.org/rfc/rfc2015.txt
http://www.ietf.org/rfc/rfc2633.txt
http://www.ietf.org/rfc/rfc2646.txt
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: Signature/encryption, what's the standard ?
1999-10-29 6:32 ` Steinar Bang
@ 1999-10-29 12:17 ` Simon Josefsson
1999-10-29 15:21 ` Eric Marsden
0 siblings, 1 reply; 21+ messages in thread
From: Simon Josefsson @ 1999-10-29 12:17 UTC (permalink / raw)
Steinar Bang <sb@metis.no> writes:
> Hrvoje> FWIW, your messages are neither rfc2015 nor S/MIME. (And I don't see
> Hrvoje> what either has to do with rfc2646.)
>
> > Sorry, I meant RFC2633 (S/MIME) not 2646 (text/plain).
>
> For easy reference:
> http://www.ietf.org/rfc/rfc2015.txt
> http://www.ietf.org/rfc/rfc2633.txt
> http://www.ietf.org/rfc/rfc2646.txt
RFC-junkies like me might like this, it makes Gnus highlight
RFC-looking references and retrieve the document for me.
(defvar gnus-rfc-directory (list (concat (getenv "HOME") "/rfc/")
"/afs/stacken.kth.se/ftp/pub/rfc/"
"/ftp@ftp.stacken.kth.se:/pub/rfc/"))
(defun gnus-button-embedded-rfc (file)
(if (string-match "\\([0-9]+\\)" file)
(let ((dir gnus-rfc-directory)
(file (concat "rfc" (match-string 1 file) ".txt")))
(while (and dir (not (file-readable-p (concat (car dir) file))))
(pop dir))
(find-file (concat (car dir) file)))))
(push '("\\bRFC\\(-\\| \\)?[0-9]+\\(.txt\\|.doc\\)?" 0 t gnus-button-embedded-rfc 0) gnus-button-alist)
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: Signature/encryption, what's the standard ?
1999-10-27 12:57 Signature/encryption, what's the standard ? Oscar Figueiredo
1999-10-27 14:26 ` Alan Shutko
1999-10-27 15:51 ` Hrvoje Niksic
@ 1999-10-28 1:02 ` John Saylor
1999-10-28 1:38 ` Jason R Mastaler
1999-10-28 7:38 ` Jaap-Henk Hoepman
1999-10-28 2:02 ` Stainless Steel Rat
1999-10-30 6:41 ` Florian Weimer
4 siblings, 2 replies; 21+ messages in thread
From: John Saylor @ 1999-10-28 1:02 UTC (permalink / raw)
Cc: ding
Hi
>>>>> "Oscar" == Oscar Figueiredo <Oscar.Figueiredo@di.epfl.ch> writes:
Oscar> I would like to know what's the preferred way of signing
Oscar> messages nowadays: PGP or S/MIME
Of course, the preferred way is not to sign, as most email is sent
that way. I know the email clients attached to the big 2 browsers have
SMIME support [Outlook/Outlook Express & Netscape Messenger]. And at
one time many moons ago, I played with a PGP plug-in for Eudora.
PGP support is present with Mailcrypt, but I don't think there is an
SMIME component for any emacs based mail readers [at least none have
come my way]. Way down on my list of projects would be to write a lisp
shell that would use OpenSSL to do the crypto stuff to make an SMIME
mail reader for emacs. But it's just sitting there in my queue along
with the "next great american novel".
Does anyone know anything else about this?
--
\js
I want you to MEMORIZE the collected poems of EDNA ST VINCENT MILLAY..
BACKWARDS!!
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: Signature/encryption, what's the standard ?
1999-10-28 1:02 ` John Saylor
@ 1999-10-28 1:38 ` Jason R Mastaler
1999-10-28 7:38 ` Jaap-Henk Hoepman
1 sibling, 0 replies; 21+ messages in thread
From: Jason R Mastaler @ 1999-10-28 1:38 UTC (permalink / raw)
John Saylor <jsaylor@mediaone.net> writes:
> I want you to MEMORIZE the collected poems of EDNA ST VINCENT MILLAY..
> BACKWARDS!!
Hmm. Perhaps this is why she ended up in an asylum.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: Signature/encryption, what's the standard ?
1999-10-28 1:02 ` John Saylor
1999-10-28 1:38 ` Jason R Mastaler
@ 1999-10-28 7:38 ` Jaap-Henk Hoepman
1 sibling, 0 replies; 21+ messages in thread
From: Jaap-Henk Hoepman @ 1999-10-28 7:38 UTC (permalink / raw)
On 27 Oct 1999 21:02:22 -0400 John Saylor <jsaylor@mediaone.net> writes:
> Hi
>
> >>>>> "Oscar" == Oscar Figueiredo <Oscar.Figueiredo@di.epfl.ch> writes:
>
> Oscar> I would like to know what's the preferred way of signing
> Oscar> messages nowadays: PGP or S/MIME
>
> Of course, the preferred way is not to sign, as most email is sent
> that way. I know the email clients attached to the big 2 browsers have
> SMIME support [Outlook/Outlook Express & Netscape Messenger]. And at
> one time many moons ago, I played with a PGP plug-in for Eudora.
>
> [..]
>
> Does anyone know anything else about this?
>
Yes, PGP 5 came with a fine plugin for Outlook as well.
Jaap-Henk
--
Jaap-Henk Hoepman | Come sail your ships around me
Dept. of Computer Science | And burn these bridges down
University of Twente | Nick Cave - "Ship Song"
Email: hoepman@cs.utwente.nl === WWW: www.cs.utwente.nl/~hoepman
Phone: +31 53 4893795 === Secr: +31 53 4893770 === Fax: +31 53 4894590
PGP ID: 0xF52E26DD Fingerprint: 1AED DDEB C7F1 DBB3 0556 4732 4217 ABEF
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: Signature/encryption, what's the standard ?
1999-10-27 12:57 Signature/encryption, what's the standard ? Oscar Figueiredo
` (2 preceding siblings ...)
1999-10-28 1:02 ` John Saylor
@ 1999-10-28 2:02 ` Stainless Steel Rat
1999-10-28 2:42 ` John Saylor
1999-10-30 6:41 ` Florian Weimer
4 siblings, 1 reply; 21+ messages in thread
From: Stainless Steel Rat @ 1999-10-28 2:02 UTC (permalink / raw)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
* Oscar Figueiredo <Oscar.Figueiredo@di.epfl.ch> on Wed, 27 Oct 1999
| I would like to know what's the preferred way of signing messages
| nowadays: PGP or S/MIME (i.e. RFC 2015 or 2646) ?
Privacy Enhanced Mail (PEM). PGP and GPG follow PEM closely, though they
use different text in the block delimiters.
Benefits of the PEM format:
* It will work with *ALL* MUAs.
* It will work with messages saved as files.
* MUAs aware of PEM, like Gnus, will (or can) automatically hide PEM
delimiters and encryption/signature blocks.
* Mailcrypt plays nicely with Gnus.
"Benefits" of using the MIME formats:
* Only work with MUAs that grok MIME. /bin/mail won't cut it.
* Messages are potentially vulnerable to "whitespace corruption" by MTAs
that either add or remove whitespace, causing an otherwise valid
message not to pass a signature check.
* Signatures of MIME messages saved as files cannot be checked as neither
PGP nor GPG grok MIME.
* In general, attachments suck.
| I'm asking because I just had an argument with a M*crosoft Outlook user
| who claimed the body of my messages appear as attachments instead of
| inline and I should therefore use S/MIME instead of PGP signatures
| because it was the preferred way to sign a message.
If his MUA cannot inline text parts, his MUA is broken. Outlook broken?
No news there.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0e (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE4F66fgl+vIlSVSNkRAptaAJ9qsKjHoHkzmjKOEw+HQuiXxhM7CACfaW77
TXcE73fVryuejlrXyMucnfs=
=g4li
-----END PGP SIGNATURE-----
--
Rat <ratinox@peorth.gweep.net> \ Caution: Happy Fun Ball may suddenly
Minion of Nathan - Nathan says Hi! \ accelerate to dangerous speeds.
PGP Key: at a key server near you! \
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: Signature/encryption, what's the standard ?
1999-10-28 2:02 ` Stainless Steel Rat
@ 1999-10-28 2:42 ` John Saylor
1999-10-28 3:42 ` Stainless Steel Rat
0 siblings, 1 reply; 21+ messages in thread
From: John Saylor @ 1999-10-28 2:42 UTC (permalink / raw)
Cc: (ding)
Hi
>>>>> "Rat" == Stainless Steel Rat <ratinox@peorth.gweep.net> writes:
Rat> "Benefits" of using the MIME formats:
Rat> * Messages are potentially vulnerable to "whitespace corruption"
Rat> by MTAs that either add or remove whitespace, causing an
Rat> otherwise valid message not to pass a signature check.
I have never heard of this [but I don't stay up to date on MTA
technology]. Does this kind of thing happen often? Which MTAs are
known to exhibit this behavior?
Rat> * In general, attachments suck.
Well, maybe, but they can be useful. If idiots use email for file
transfer, I'd rather have an attachment than an inline document.
--
\js
It's today's SPECIAL!
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: Signature/encryption, what's the standard ?
1999-10-28 2:42 ` John Saylor
@ 1999-10-28 3:42 ` Stainless Steel Rat
0 siblings, 0 replies; 21+ messages in thread
From: Stainless Steel Rat @ 1999-10-28 3:42 UTC (permalink / raw)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
* John Saylor <jsaylor@mediaone.net> on Wed, 27 Oct 1999
| I have never heard of this [but I don't stay up to date on MTA
| technology].
The early version of X-Pgp was quite prone to this. I personally
experienced a 100% failure rate with usenet control messages when it was
first adopted (and then I stopped being a news server admin so I have not
kept up with it).
| Does this kind of thing happen often? Which MTAs are known to exhibit
| this behavior?
Delivery agents that deliver to Unix mbox-style mailbox files might append
a blank line to ensure proper envelope separation. Some POP servers will
do this, too; others will strip *all* trailing whitespace from a message,
all in violation of every mail handling specification as well as POP's
proscription against doing anything but moving messages from point A to
point B.
The purpose of a digital signature is to be 100% positive that such and
such person originated the message. If there is any possibility at all of
a false negative, the system itself is rendered unreliable. The frequency
of false negatives is a measure of the unreliablity of that system.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0e (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE4F8Yvgl+vIlSVSNkRAo1cAKCyGmIWsBUWvHNQtM6QcnhnYizzagCfb5wa
UgsA5pwsdQP51vat0C3noW4=
=x0qR
-----END PGP SIGNATURE-----
--
Rat <ratinox@peorth.gweep.net> \ Happy Fun Ball may stick to certain types
Minion of Nathan - Nathan says Hi! \ of skin.
PGP Key: at a key server near you! \
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: Signature/encryption, what's the standard ?
1999-10-27 12:57 Signature/encryption, what's the standard ? Oscar Figueiredo
` (3 preceding siblings ...)
1999-10-28 2:02 ` Stainless Steel Rat
@ 1999-10-30 6:41 ` Florian Weimer
1999-11-01 3:46 ` David S. Goldberg
4 siblings, 1 reply; 21+ messages in thread
From: Florian Weimer @ 1999-10-30 6:41 UTC (permalink / raw)
Oscar Figueiredo <Oscar.Figueiredo@di.epfl.ch> writes:
> I would like to know what's the preferred way of signing messages
> nowadays: PGP or S/MIME (i.e. RFC 2015 or 2646) ?
AFAIK, S/MIME uses a X.509 certification hierarchy. Quite a few people
consider PGP's `web of trust' much more practical than a strict tree-like
hierarchy with a few root certification authorities.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: Signature/encryption, what's the standard ?
1999-10-30 6:41 ` Florian Weimer
@ 1999-11-01 3:46 ` David S. Goldberg
0 siblings, 0 replies; 21+ messages in thread
From: David S. Goldberg @ 1999-11-01 3:46 UTC (permalink / raw)
> AFAIK, S/MIME uses a X.509 certification hierarchy. Quite a few
> people consider PGP's `web of trust' much more practical than a
> strict tree-like hierarchy with a few root certification
> authorities.
There's nothing in any S/MIME implementation I've seen that prevents
anyone from exchanging their own, locally generated, certs without
benefit of verisign or any other authority. I'm one of those who
considers the web of trust model not only more practical, but also
more secure than the hierarchy for certain applications, personal
communication being one of them (I trust my friends to tell me someone
is legit before I trust verisign to do so) but once I have that trust,
there's no reason I can't use S/MIME to handle the encryption part.
--
Dave Goldberg
Post: The Mitre Corporation\MS B325\202 Burlington Rd.\Bedford, MA 01730
Phone: 781-271-3887
Email: dsg@mitre.org
^ permalink raw reply [flat|nested] 21+ messages in thread